ESET report: Apps on Google Play Steal Facebook Credentials

ESET®, a global pioneer in IT security for more than two decades, recently analyzed two new samples of malware on Google Play masquerading as games called Cowboy Adventure and Jump Chess. The apps contained a trojan functionality allowing them to carry out Facebook phishing attacks. Google has since taken down both of the apps and now displays a warning before their installation on Android devices. Read the complete story on WeLiveSecurity.com. A few months ago, Google has also announced that the company has been improving security mechanisms on its Google Play Store to lower the risk of its users getting infected by malware. Unlike Fake Minecraft which was recently analyzed by ESET, both Cowboy Adventure and Jump Chess were actual full-fledged games in addition to containing a fraudulent element. After this app’s launch on an Android device, it would display a fake Facebook login window and send over the victim’s Facebook credentials directly to the attackers’ server.

“Despite the fact that the number of potential victims may have been up to one million, thankfully many were able to avoid being tricked by this scam as the negative user comments helped prevent them from entering their Facebook user name and password,” said Robert Lipovsky, Senior Malware Researcher at ESET.

About ESET

Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.